Trusted Query Network (TQN)
A Novel Approach to Generating Information Security Data
Vijay Vaishnavi, Richard Baskerville, Art Vandenberg, Jack Zheng
Department of Computer Information Systems, Georgia State University, Atlanta, Georgia, USA
Presented at the WITS 2006, Milwaukee, WI, USA, Dec 10th 2006

2 Acknowledgement
IT Security Risk Management Research Team: Richard Baskerville, Martin Grace, Robert Sainsbury, Detmar Straub, Carl Stucke, Vijay Vaishnavi, Art Vandenberg, Guangzhi Zheng, Tony Vance, Michelle Bellard, Dave Bloomquist
This project is partially funded by Georgia State University's Office of the Vice President for Research FY07 Internal Grants Program as a Team Grant.

3 Agenda
–Problem
–Research question/objective
–Related research
–Our solution: TQN
–Future research/Conclusion

4 Problem/Motivation
Organizations need benchmarking information to accurately estimate their risk of information security breaches, but these industry-wide data are not available.
Why?
–Many organizations do not collect and analyze IT security risk data
–Sharing sensitive information has disclosure risk. Organizations do not want to share their information, even within their own organization

5 Research Question/Objective
How can organizations be supported and encouraged to contribute their data to the generation of useful and accurate IT security data on an industry-wide basis, while still maintaining total control of their data and privacy (without disclosing their own data at any time)?
The objective of this research is to design and prototype an inter-organizational architecture and supporting algorithms that provide a complete solution to the problem above.

6 Solution Requirements
Requirements of such a complete inter-organizational infrastructure:
–Guaranteed anonymity
–Total control of data
–Flexible and rich configuration for participation automation
–Supporting common queries to obtain useful industry-wide information
–Providing enough incentives and maximizing sharing benefit
–Secure and scalable

7 Related Research (Partial Solutions)
Centralized secured database
–CERIAS CIRDB (Purdue University)
Privacy preserving data integration/distributed data mining
–Secure multi-party computation
P2P anonymous file sharing
–Onion Routing, Hordes
Federated security control
–Shibboleth

8 Our Solution (Complete Solution): Trusted Query Network (TQN)
TQN is a distributed, peer-to-peer, service-oriented, collaborative and secure system for generating industry-level data while keeping raw data local to the organization
–Organizations totally control data at all times without centralized storage
–TQN guarantees anonymity of participants and their data
–Any member can initiate queries and get results quickly and securely. Query results are propagated to all participants automatically
–Query participation is based on flexible configuration of policies and agents which execute policies automatically

9 TQN Architecture

10 TQN Member Sites
The Query and Report Agent:
–prepares and submits query requests;
–accepts and records query results;
–integrates query results and local data for report and further analysis;
–maintains activity logs.
The TQN Response Agent is responsible for responding to queries within TQN:
–responding to policy probing;
–responding to TQN query;
–transmits the TQN message to the next destination defined in the TQN message;
–maintains activity logs.

11 TQN Coordinator
The TQN Coordinator provides supporting services that are required to be performed independently (these services do not interfere with the query process)
–Service Site Registry: provides a directory of all member organizations and a mapping between real, network-attached service sites (URIs) and unique, pseudonymous identifications.
–Query Monitor: responsible for query processing at the beginning and the end of any query, with functions including traveling path randomization, query result propagation, and query logging.

12 TQN Query Protocol
[Flowchart. Labels: TQN Coordinator; Any member: Query request; Query Monitor: probing policies; TQN Message Preparation; Sufficient #?; Results Calculation; All members; Participants determination; Results propagation; All Participants]

13 TQN Policy
Policy: local criteria in order to release data to the pool
–Example (simple policy): I am willing to contribute my data if there are minimum 10 organizations which will respond (for a certain query, in a certain situation)
Participants determination
–Algorithms to determine who's participating and who's not, based on analysis of all policies

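One way to carry out the participants determination described on this slide, as an added example that is not the TQN project's algorithm: it assumes each member's policy is a single minimum-respondent threshold (the slide's simple policy), and it repeats the analysis because one member dropping out can push others below their own threshold. Member names and thresholds are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    member: str           # pseudonymous member id (constructed)
    min_respondents: int  # "contribute only if at least this many respond"


def determine_participants(policies):
    """Return the largest set of members whose minimum-respondent
    policies are all satisfied by the size of that same set."""
    active = list(policies)
    while True:
        # Keep only members still satisfied by the current pool size.
        kept = [p for p in active if p.min_respondents <= len(active)]
        if len(kept) == len(active):
            return {p.member for p in kept}
        active = kept  # someone dropped out; re-check everyone else


# Constructed policy-probe results: org-e drops first, which then
# leaves org-d short of its own minimum of 5.
PROBE = [
    Policy("org-a", 1),
    Policy("org-b", 3),
    Policy("org-c", 3),
    Policy("org-d", 5),
    Policy("org-e", 10),
]

if __name__ == "__main__":
    print(sorted(determine_participants(PROBE)))
```
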
15 TQN Message
TQN message records information passed among query participants (standard XML format, wrapped in SOAP messages)
–Query id
–Query
–Date/times
–Traveling path
–Pooled result and participant count

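The message fields listed on this slide, carried hop by hop along a randomized traveling path, as an added example that is not the TQN prototype's code. Element names, the `visited` attribute and the sample values are assumptions, the SOAP wrapper is omitted, and the anonymity protections the slides require are not modeled (each site here can read the running total).

```python
import random
import xml.etree.ElementTree as ET


def new_message(query_id, query, path):
    # Element names are assumptions; the slide lists only the field names.
    msg = ET.Element("tqnMessage")
    ET.SubElement(msg, "queryId").text = query_id
    ET.SubElement(msg, "query").text = query
    ET.SubElement(msg, "issued").text = "2006-12-10T15:45:00"  # constructed
    trav = ET.SubElement(msg, "travelingPath")
    for pseudonym in path:
        ET.SubElement(trav, "hop", visited="false").text = pseudonym
    ET.SubElement(msg, "pooledResult").text = "0"
    ET.SubElement(msg, "participantCount").text = "0"
    return ET.tostring(msg, encoding="unicode")


def respond(wire, me, local_value):
    """Response agent: pool the local value, then name the next destination."""
    msg = ET.fromstring(wire)  # peers are untrusted: use a hardened parser in practice
    pending = [h for h in msg.iter("hop") if h.get("visited") == "false"]
    if not pending or pending[0].text != me:
        raise ValueError("message is not addressed to this site")
    pending[0].set("visited", "true")
    pooled, count = msg.find("pooledResult"), msg.find("participantCount")
    pooled.text = str(int(pooled.text) + local_value)
    count.text = str(int(count.text) + 1)
    next_site = pending[1].text if len(pending) > 1 else None
    return ET.tostring(msg, encoding="unicode"), next_site


def run_query(local_data, seed=None):
    """Query Monitor: randomize the path, route the message, read the pool."""
    path = list(local_data)
    random.Random(seed).shuffle(path)
    wire, site = new_message("q-1", "incidents last quarter", path), path[0]
    while site is not None:
        wire, site = respond(wire, site, local_data[site])
    final = ET.fromstring(wire)
    return int(final.findtext("pooledResult")), int(final.findtext("participantCount"))


# Constructed local values keyed by pseudonymous site id.
SITES = {"site-17": 3, "site-42": 5, "site-08": 4}
```
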
16 Prototype
A basic TQN network is prototyped based on previously discussed components.
Welcome to our demonstration later in the WITS project demo session (3:45-5:15PM)

17 Future Research
Research continues
–Policy
–Registration
–Query
–Reputation
–Scalable and efficient security
–Multiple networks

18 Conclusion
Our approach addresses a fundamental limitation that is preventing organizations from collaborating in generating objective information on security breaches and losses.
TQN is a complete solution that can lead to needed industry-wide metrics and benchmark data for information security risk management.
TQN is not limited to the security arena. It can be used in any situation in which a group of organizations have sensitive data that is valuable for generating metrics and benchmarks, but where sharing that data carries risk if exposed.